McAfee, Inc. McAfee Avert Labs Security Advisory
Public Release Date: 2006-05-09 Microsoft MSDTC NdrAllocate Validation Vulnerability CVE-2006-0034 ______________________________________________________________________ Synopsis There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way that triggers a denial-of-service in the Distributed Transaction Coordinator (MSDTC) service. Exploitation can at most lead to a denial of service and therefore the risk factor is at medium. ______________________________________________________________________ Vulnerable Systems Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 ______________________________________________________________________ Vulnerability Information The msdtcprx.dll shared library contains RPC procedures for use with the Distributed Transaction Coordinator (MSDTC) service utilized in Microsoft Windows. By sending a large (greater than 4k) request to BuildContextW(), a size check can be bypassed and a bug in NdrAllocate() may be reached. This vulnerability was reported to Microsoft on October 12, 2005 ______________________________________________________________________ Resolution Microsoft has provided a patch for this issue. Please see their bulletin, KB913580, for more information on obtaining and installing the patch. ______________________________________________________________________ Credits This vulnerability was discovered by Chen Xiaobo of McAfee Avert Labs. ______________________________________________________________________ ______________________________________________________________________ Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfees customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. ______________________________________________________________________
